EIP-2026-118918
PRE-CVEModSecurity 2.5.9 (Core Rules 2.5-1.6.1) - Filter Bypass
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-118918. PoCs published by Lavakumar Kuppan.
AI-analyzed exploit summary This is a detailed writeup describing a vulnerability in ModSecurity Core Rules that allows bypassing SQL injection filters by exploiting differences in how duplicate HTTP parameters are handled by ModSecurity and ASP/ASP.NET applications. The technique involves splitting malicious payloads across multiple parameters to evade detection.
Description
ModSecurity 2.5.9 (Core Rules 2.5-1.6.1) - Filter Bypass
Exploits (1)
This is a detailed writeup describing a vulnerability in ModSecurity Core Rules that allows bypassing SQL injection filters by exploiting differences in how duplicate HTTP parameters are handled by ModSecurity and ASP/ASP.NET applications. The technique involves splitting malicious payloads across multiple parameters to evade detection.